Single Sign On Delegator
: Perimeter Security, Spoofing
In a heterogeneous security environment, multiple vendors produce identity management facilities, each based on different assumptions. An SSO facility therefore tends to be tightly coupled with the application logic.
How can the SSO mechanism be designed so that it interacts with diverse entities and yet remains loosely coupled?
Encapsulate access to identity management and SSO functionality, allowing independent evolution of loosely coupled identity management services while providing system availability. An SSO Delegator resides in the middle tier between the clients and the identity management service components. It delegates service requests to remote service components. It decouples the physical security service interfaces and hides the details of service invocation, retrieval of security configuration, and credential token processing from the client. The SSO Delegator in turn prepares for SSO, configures the security session, looks up the physical security service interfaces, invokes the appropriate service, and performs a global logout at the end. Such a loosely coupled application architecture minimizes the impact of change on the client.
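The delegation steps described above (look up the service interfaces, sign on, invoke a service, global logout), as an added Python sketch that is not part of the original catalog entry. The names `DirectoryIdP`, `SSODelegator`, `sign_on`, `whoami` and `global_logout` are hypothetical, and the in-memory identity service with its plaintext sample passwords is constructed for illustration.

```python
import secrets

class DirectoryIdP:
    """Constructed stand-in for one vendor's identity management service."""
    def __init__(self, users):
        self._users, self._tokens = users, {}
    def login(self, user, password):
        expected = self._users.get(user)
        # Unknown users fail the same way as wrong passwords.
        if expected is None or not secrets.compare_digest(expected, password):
            raise PermissionError("authentication failed")
        token = secrets.token_urlsafe(16)
        self._tokens[token] = user
        return token
    def validate(self, token):
        return self._tokens.get(token)
    def logout(self, token):
        self._tokens.pop(token, None)

class SSODelegator:
    """Middle tier: clients hold one SSO session id, never vendor tokens."""
    def __init__(self):
        self._registry = {}  # service name -> provider (the lookup step)
        self._sessions = {}  # SSO session id -> {service name: vendor token}
    def register(self, name, provider):
        self._registry[name] = provider
    def sign_on(self, user, password):
        tokens = {}
        try:
            for name, provider in self._registry.items():
                tokens[name] = provider.login(user, password)
        except PermissionError:
            # Roll back tokens already issued so no half-open sessions remain.
            for name, token in tokens.items():
                self._registry[name].logout(token)
            raise
        sid = secrets.token_urlsafe(16)
        self._sessions[sid] = tokens
        return sid
    def whoami(self, sid, service):
        # Invoke a service on the client's behalf using the stored vendor token.
        token = self._sessions.get(sid, {}).get(service)
        return self._registry[service].validate(token) if token else None
    def global_logout(self, sid):
        # End every vendor session tied to this SSO session in one call.
        for name, token in self._sessions.pop(sid, {}).items():
            self._registry[name].logout(token)
```

Swapping a vendor means registering a different provider object under the same service name; client code that calls the delegator does not change.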
Single sign on delegator implementation to invoke remote security services using EJB.
Single Sign On
Single Sign On, Identity
Last modified: May 05, 2012
and Maintained by: Munawar Hafiz